Use cloudflare DNS challenge for Traefik

ansible/roles/traefik/files/docker-compose.yml

@@ -4,6 +4,8 @@ services:
   traefik:
     image: traefik:v2.2.8
     network_mode: host
+    environment:
+      - CF_DNS_API_TOKEN={{ cloudflare_api_token }}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik:/etc/traefik

ansible/roles/traefik/files/traefik.yml

@@ -36,8 +36,8 @@ certificatesResolvers:
     acme:
       email: hosting@theorangeone.net
       storage: /etc/traefik/acme.json
-      httpChallenge:
-        entryPoint: web
+      dnsChallenge:
+        provider: cloudflare
 
 serversTransport:
   insecureSkipVerify: true

ansible/roles/traefik/vars/main.yml

@@ -0,0 +1,8 @@
+cloudflare_api_token: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34353463353334326561626566613464363537393238353437376463376135623831343634643735
+  6136613231333531356137326333616264663865363139630a653939343435393061666366643332
+  38646539666631646337396137376232373037643934356363666462333835643464613431346366
+  3466383231363632310a346661383838633630643236623561373962356635346162653936393562
+  32646530656632393133356436653365356163313961343837633138383561376237306638313362
+  3636373939656462613032653530643536643466363135346139